 Daily Tech News show is made possible by its listeners, thanks to all of you, including Paul Boyer, Brad, and Kevin. Coming up on DTNS, the biggest data breach in history hits Shanghai, chip shortage hopes for consumers, and is Apple shortening the life of Max? This is the Daily Tech News for Tuesday, July 5th, 2022 in Los Angeles, I'm Tom Merritt. And from Studio Redwood, I'm Sarah Lane. From Studio Colorado, I'm Shannon Morse. And I'm the show's producer, Roger Chang. Because really it would be Vecna who would be shortening the life of Max. Oh. Stranger Things fans. Ooh. Get that reference. Hey everybody, let's start with a few tech things you should know, shall we? The latest release of Chrome for Windows patched a high severity, zero-day vulnerability being exploited in the wild. This is the fourth Chrome zero-day patch this year. The update fixes a heat-based buffer overflow weakness in Chrome's WebRTC components, reported by Avast Thread Intelligence on July 1st, but no other details were released by Google. Ah, patch, patch, patch is what that means. Europe's Digital Markets Act is the one that would require messaging services of a certain size to inter-operate with each other, among a few other things. We talked about that one on March 29th. The Digital Services Act in the EU is the one that affects targeting of users. And it has a lot of components, including rules against dark patterns, requiring transparency about how algorithms promote content. We talked about that one back on April 25th. Well, both have been making their way through the EU legislative system. And we have an update for you. They passed the European Parliament. So next up for the DSA and the DMA is the European Council. That's where every country gets a single seat. If the European Council approves the text of the bills, then they will be formally published. They're thinking that's probably going to happen sometime this autumn. And then that will come into law 20 days after it has been published. And Member States will have six months to begin implementation. Xiaomi announced the 12S Ultra, mostly packing typical flagship smartphone specs. But it's the first phone to use Sony's 50 megapixel, one inch IMX989 sensor with a camera system co-developed with Leica. It's also the first Android phone to support recording and playback of Dolby C-Vision HDR video at up to 4K, 60 frames per second as well. Pricing starts at $6,001, which is about $900 US, available for pre-order in China now, shipping July 6th. That's one big sensor. Google will no longer approve Play Store updates for South Korea's popular messaging app KakaoTalk, until the app removes a link to external payments on Kakao's website. It's the first time that Google has enforced its policy of requiring apps to use the Google Play billing system. A South Korean law, you may recall, requires Google and Apple to allow third-party payments in apps. But Google's policy is that those apps must also still offer Google's own payment system. And Google says it still prohibits external links. Whereas the Korean Communications Commission told TechCrunch last month that it believes prohibiting links is against this new law. So we're going to see a clash. The Chinese automaker BYD surpassed Tesla as the world's largest electric vehicle maker in the first half of this year, 2022. BYD sold 641,000 EVs compared to Tesla's 564,000. Part of this is a result of strict COVID lockdowns that impacted Tesla's China production, which saw deliveries drop 18% in Q1 as a result. All right, let's talk about another little security thing and another story about China, shall we? Let's do it. A Breach Forum's user going by the name China Dan claimed last week to have breached the Shanghai National Police Database and accessed about 24 terabytes of data on around 1 billion Chinese residents. Pretty big breach, if true. The AP saw a purported sample, which included names, addresses, birthplaces, national IDs, phone numbers, and also criminal case information. The user is offering to sell the database for 10 Bitcoin, which is going for a little less than $200,000 as of Bitcoin's current price. So you may be wondering if it's actually all this data that's been leaked. Trivium China partner Kendra Schaefer posted that quote, it's hard to parse truth from the rumor mill but can confirm that the file exists. And letting credence to the claim was a post on Monday by Zhao Shengping, the founder and CEO of crypto exchange Binance. So Zhao wrote, our threat intelligence detected 1 billion resident records for sell on the dark web, including name address, national ID, mobile police and medical records from one Asian country. This is likely due to a bug in an elastic search deployment by a government agency. And they also mentioned Binance mentioned that they will be increasing verification procedures for potentially affected users. Neither Shanghai nor Chinese authorities have publicly responded to the claims, but searches on Weibo for Shanghai data leak have been blocked. Yeah, I've seen a lot of headlines touting the fact that China is censoring discussion of this big leak as that's shocking news, which it's not. And that's pretty much regular policy for China if they have a domestic attack like this to sort of keep it quiet, which is the best security policy honestly because Shannon, don't you think the biggest use of this will be for fishing. Oh, absolutely. China is commonly a really, really major issue when it comes to these kind of releases of databases. And you may be wondering, and I did want to mention what this elastic searches, because it's happened that elastic search this name has come up in a lot of breaches in the past and apparently it's still an issue to this day. It's basically this open source database engine that lots of different organizations use and apparently so do the police records for China apparently if this is indeed true they use it as well. And organizations will use this to store just buckets and buckets of data about whatever they are collecting on users and information and if they don't store it correctly and protect this data whenever they are storing it in these databases. It could potentially be exposed online. So it's very similar to what we see whenever like Amazon S3 databases get exposed online and they aren't potentially storing that information correctly as elastic search is kind of similar to that, where if you don't protect it you could potentially be exposing all of your users. It takes a little finesse to keep elastic search from stretching too far. And it's widely used a lot of companies use this it's it's elastic search is a product that's made by a company called elastic, and it's it's very widely used it's very popular but you have to implement it correctly in order to protect, you know the people's information that you're storing in there. Apparently it was at this time. She said Shannon a couple minutes ago of you know the fishing being a big part of this I think a lot of people including myself sometimes go. All right, well, you know when I was born, you might know my home address, maybe you know my phone number. I mean, what that's not good, obviously not good but like what what am I worried about right now. And I you know I think a lot of folks go like, I have nothing to worry about. You know, unless you take you know my credit card information and drain my bank account, but it's what you can do with that information later on that that's where people run into problems that they don't foresee earlier. Yeah, absolutely. It could help them try to verify themselves in social engineering attacks, they could pretend to be you and use that information to gain access to other accounts that you might hold not even just thinking but they could potentially get access to like your phone carrier or your internet or if there's like a stalker looking for your information they could find out where you live like there's a lot of problems associated with this that could allow somebody to take over your identity online, not just fishing. Yeah, there there've been examples in the US of people faking a warrant request by by just making it look like it was coming from an official email. Imagine if you have the national ID police and medical records of someone, what you can imitate, as far as like trying to trick information out of police hospitals, etc. So, you know, the fact that you you got name address and phone number enough is a way to trick some people into giving you information, add all this other information on top of it that's, you know, that's serious. That's serious ammo for somebody wanting to target people. That's serious business. Yes. So it should be taken seriously, especially since this information is potentially out there already. The people that may be able to find their information in these databases now should definitely take steps to protect themselves because I'm a believer that no company is going to protect you, as well as you can protect yourself. Yeah, especially if you have family living in Shanghai. If those are family who may not be as savvy with technology, you want you want to reach out and help them out and know what to look for. Well, we've covered a real barrage of stories recently about the continuing chip shortage started back in 2020 because of a lot of factors. We had surging demand. We had pandemic related factory shutdowns, logistics issues, even fires and other weather problems were also factors. The shortage has continued as logistics problems remain. China experienced a new round of partial factory shutdowns from COVID and Russia began a war in Ukraine. Through all that, we rarely talked about demand, though, because demand stayed pretty high until possibly now. So Tom, what is going on? Yeah, two things are starting to drive down demand. One is the crash in cryptocurrency, which has reduced demand for new equipment that you would use to expand your cryptocurrency business. If you don't have the money coming in from cryptocurrency, you can't expand the business. The other is a decline in PC sales overall. The demand upgrade for home offices has abated as people get settled in or go back to work. And the rise of inflation has also dampened demand even more. Even if you bought a new computer in 2020 and we're thinking, well, maybe I'll upgrade it now. You might not want to pay the price you'd have to pay. While demand for chips and cars and data centers is still strong, the decline in consumer demand has companies rethinking their investments. Yeah, and those companies, it's not just one or two. It's kind of a long list. Let's go through some of them now. Intel CFO David Zinsner called the outlook for the second half noisier Intel froze hiring in its PC chip division back in June, being cautious. Micron CEO Sanjay Madrota warned last week that demand has weakened because of declines in PC and smartphone sales. And Micron will cut back spending to adjust. Kind of getting a theme here. In video is reducing a hiring as crypto miners and video gamers are both reducing purchases. AMD says it's expecting demand to be flat for the next few years, but data center demand should make up most of the difference. HP and Dell both report consumer demand softening, while company sales make up some of that decline as well. And Qualcomm, which mostly sells chips for smartphones, says that it sees supply and demand coming into balance in the second half. So Qualcomm says, eh, we might write the ship pretty soon. But will this ease the chip shortage because IDC expects the PC shipments to fall 8.2% this year after 13% growth in 2020 and 15% in 2021. Yeah, so if you're not selling as many computers, you're not to make as many computers, which means you don't use as many chips. The answer is yes and no, this is going to help. Yes, it will help ease the chip shortage for consumers. If you can still afford to buy a new GPU or a PC, you shouldn't have as much trouble getting one. Central computers told the Wall Street Journal it now has well stocked shelves of chips and cards and has ended its rationing. They had some restrictions on what you could buy, how many of pieces you could buy that they started introducing in 2020. They've gotten rid of those. So head on down to central computers. You can actually find well stock shelves. But the answer is no for the wider chip industry as demand from business and cloud computing is staying high and demand for older chips, which are often the ones used in vehicles and other electronics has not fallen and capacity for those chips is not being added. They're building new fabs. If they're still building them for new chips, we're not going to increase the number of old chips. So it's going to take a little while for the for the ease to happen there. If, however, the economy gets worse, and you see fewer vehicles selling that could ease the chip restriction on on some of those older things and in general products as well and it could cause cutbacks in data center usage, which could come with, you know, which could reduce the number of new chips needed But honestly, even with economic headwinds, I doubt you're going to see cloud computing slow down enough to really have a significant impact on easing this. So my guess is we might be headed towards equilibrium by the end of the year. But it would take a really it would take a depression, frankly, to really have the economic side of this affect the chip shortage, at least in my opinion. I'm one of those consumers that's hoping that I can build a computer but I am impacted by the current economic issues. So I'm potentially going to be one of those people that still has to wait, even though I want to support the industry and build another PC. It might just might just have to wait just because of what's going on currently. Well, and I think this is, you know, for, for those of us who are, you know, and I'm certainly in the camp of I am not like an economics expert. But this has all been very fascinating, even though sometimes also extremely frustrating, like you Shannon depending on what you want to buy, you know, and the prices are weird or you can't the components you want, whatever it is. I mean, it's a very good reminder that so many companies are impacted by general swings financial swings and the technology industry has has, you know, it is no different than any other financial sector when it comes to how do we get the things to put into the things that people want to buy, how many people want to buy them. And it is for anybody kind of going, Well, don't they just figure out how to make more chips and then there isn't a chip shortage anymore and everything gets better. I mean, yes, it will. But there's so many moving parts in order for that to happen. And so many companies saying we're cutting back or we're feeling good because of cutbacks that we may have made in the past. And you know, it's it's it's a pretty dense topic. Yeah, I mean, it, you can make more chips by building new factories, building new factories takes a long time and is expensive. And if you're suddenly seeing PC sales decline, then you have less money to build those new factories right. So I don't necessarily think any more, even though I predicted it in our predictions episode, I don't think we'll see the chip shortage end by the end of the year. But I think 2023 we could be having a conversation about overspend. As the economy does swing back. And as we catch up on chip demand and companies stop stockpiling, because they're worried about a shortage, suddenly we may have too much capacity, we may be talking about whether they overbuilt or not. Well, folks, if you have a thought about this, especially if you're in the chip industry, give us an email. We'd love to hear your insights feedback at daily tech news show.com. Ars Technica's Andrew Cunningham has an article up called some max are getting fewer updates than they used to. Here's why it's a problem. It is an excellent well researched well explained in depth article. You absolutely should read it. We'll have a link in the show notes or just go to ArsTechnica.com and look for it. It seems to have been inspired by the fact that the macOS Ventura operating system coming later this year has stricter requirements than Monterey. To run Ventura, you're going to need a Mac that was made in 2017 or later. Monterey supported Macs going back to 2013. So Cunningham and Team, they pulled together data from Apple and EveryMac.com to chart how long Apple supported OSs for Macs going back all the way to 1998, lots of data. And here's some of the highlights of what they found. Let's go ahead and talk about what they found first. The low point for average number of years supported was Max introduced in 2015. This was shortly before the switch from PowerPC to Intel. The average years of support for a 2005 Mac was 4.13 years and that steadily climbed until 2010 when it reached 8.13 years then started a yearly decline in 2013 until it reached 5.978 in 2016. Now we don't know the average for years after that because those models are still being supported to this day. Security patches are longer with a low of 6.01 years in 2005 and the same peaks and decline that kind of match up with the previous graph until 8.07 years in 2016. And Cunningham also points out that security patches for older operating systems come slower. So what causes that decline? Yeah, and Cunningham has some good theories about this. Drivers and chip firmware are often one of the drags on updates. Certainly that's well documented in the Android space. And you'd probably think, well, Mac OS doesn't have drivers. They do. Mac OS just bundles in the drivers, but it still needs hardware manufacturers support to keep them updated. The last update to Intel GPUs that are used in Macs from 2013 to 2015 was in February 2021. The last update to AMD GPUs that are used in the 2013 Macs is now in legacy status, which means it doesn't support new operating systems. Now, in both those cases, we know that from their Windows statements, not from their Mac statements, but we can assume it's pretty similar. Intel no longer provides security patches for its fourth or fifth gen processors. And of course, as you know, if you listen to this show, there's new bugs in chip firmware found way more regularly than there used to be. It could, though, also be that Apple just wants to get off of supporting Intel chips the way it got off of supporting PowerPC. I mentioned that dip, Shannon, in 2005 when they were trying to get off of having to support two different platforms. Cunningham asked some ideas for what Apple could or should do about this. But what do we think, Sarah? What do you think Apple's responsibility is here? I mean, I don't think Apple really cares what anybody thinks its responsibility is, but I think, I mean, gosh, maybe the responsibility would be to be a little bit more transparent about what direction it's going in. I mean, it's Apple, so best of luck with that, everybody. But yeah, I would say if I had to guess that not supporting Intel anymore is something that Apple wants to do because it's more lucrative for the company. To move in a different direction. One thing that I've really enjoyed watching in the Android space and obviously we're talking about Max here, so not necessarily a same by same scenario here. It's kind of apples and oranges, but with Android, they've been very clear and transparent, especially with Pixel, about how long your products are going to be supported for OS and security updates. And they've been, they've started getting longer for the Pixel line, especially, mainly because they control all of those different factors. So I love the fact that you brought up, maybe they just want to get off of supporting Intel and power, like they did with PowerPC, because that's kind of similar to what happened in the Google space to is eventually they started creating their own chip sets. And we started seeing longer support scenarios being announced. So I do, I would argue that that's probably what Apple is planning to do as well. Yeah, it Apple has never come under criticism for support length with Mac because they've done it for so long, but they've never been transparent. And that's one of the things Cunningham says they could improve is let folks know what the roadmap is for support. You don't have to tell them what the future roadmap is, but for folks who already have a laptop, you know, give them a better idea of how long you're going to get major updates and how long you're going to get security updates. Because security updates in particular are important, even though they take longer on older platforms, you know, you can still safely use them. Sometimes you will run into hardware problems with previous made chip sets that have physical vulnerabilities, but generally a lot of those are localized issues that require some kind of other remote attack to be able to access those kind of vulnerabilities. So those can sometimes disrupt those kind of production updates or patches that you would see on older devices, but overall security updates should be happening on a much more reoccurring basis. And I get where Apple wants flexibility to be able to decide what to support and what not to support. So even if they just commit to security updates because security updates. The reason you stop security updates is probably cost. It's like, well, there's there's too few people out there using this platform. So we don't want to support it up. So maybe more transparency on that just so when that term goes from like, oh, the last time they were supporting, you know, seven year old laptops on the update, I'm good for a while. And then the next update comes out and they're like, oh, they're only supporting back to 2017. Oh no, I thought I would have a few more years on this laptop. Yeah, you know, it's it's good to have an idea of when that length is going to change. But I think you're right, Shannon, I think the fact that Apple is moving into the M one probably means they're going to have longer support terms in the future because they control the chip set and therefore control the driver, the driver stuff a little better or the firmware stuff a little better. They're still going to be relying on drivers for third party manufacturers of other components besides the chip. All right, let's talk soccer, aka football. Yeah, depending on where you are might be called football might be called soccer. The international governing body of association football aka FIFA. Pretty big org announced it will start using a semi automated system of AI powered cameras to help referees make offside calls at the World Cup which is happening a little bit later this year in Qatar. A sensor in the ball will relay its position on the field 500 times per second and then 12 tracking cameras that are mounted underneath roofs of stadiums. There are multiple stadiums for the World Cup will use machine learning to track 29 points in players bodies. The AI is looking at all sorts of stuff. Then the software will be able to combine all this data and alerts can be sent to a nearby control room. That's where officials are. They can make the final decision so this is a human signing off and relay that back to refs on the field but this is all supposed to happen very quickly. So game spectators can also watch animations of this data that, you know, whether you're watching on, you know, broadcast at home or perhaps you're in a stadium, you would be more clear, hopefully if all goes well, as to why a call was made and why it was the right call. FIFA claims that the whole process can happen within a few seconds and will keep the pace of the game going swiftly. During the 2018 World Cup you might recall that FIFA started using the video assistant referee called Var to let referees review decisions using sideline monitors. So I think it's another step in the technical direction. Two important things to note on this story. One is that humans are still the ultimate arbiters of whether offsides gets called or not. They're not abandoning the choice to the algorithm. The algorithm goes to the officials who review it and decide whether to relay it. And FIFA has said the referee on the field has the final call. So this is just a way to aid the diagnosis of it. The other thing is I don't want to get into trying to explain offsides to people, but if you know what it is, you know that if you can be a computer who knows exactly where all the people are and where the ball is, it's pretty easy to determine it, right? So it's a thing that a computer can diagnose very well as long as that computer vision algorithm is good at determining which people are on which team and whether they're in front of the ball or behind the ball. I'm not super familiar with sports ball terminology, but are they doing this? I'm like half joking. Are they doing this to stop fights? I don't think it has to do with fights. I think it's just to increase the pace of the game so you don't have... Increase the pace of the game and also to give people less of a reason to say, well, the refs suck. So I'm not happy with the way... That's what I'm saying. The final score here, it's like, well, we're using all the machine learning we can to make sure that we're making these calls. And honestly, already in our chat room has people yelling at the virtual umpire, Batman 2001. It's like, the IAR is terrible. Oh, they're still going to be fights. So, yeah, it will redirect the anger away from the humans, I guess, like all these things always do. But yeah, it's interesting to see the continual use of machine learning, computer vision systems and all of that as they try to apply it. And while there are bumps in the road, especially in the early adoption of this sort of stuff, I personally think that this is going to be better as you get these systems more refined and you train them up better. Because they can, in these mechanical situations, you know, take perfect attention in a way that, you know, a human line judge is just, you know, sometimes it's thinking about lunch. It just happens. We're humans. Yeah, we're, you know, I don't know, blurry eyes for a second. Yeah, yeah, yeah, because you're crying about the fact that your team is losing. You're going to lose that bribe. Listen, you're a rough, you're supposed to be impartial. Yeah, exactly, exactly. All right, let's check out the mailbag. All right, let's do it. Ross writes in as a Scott now living in Norway just wanted to point out that Equinor is a Norwegian company. It's not Scottish. I can understand that confusion says Ross, seeing as they started out with their test in Scotland and are now expanding back into Norwegian waters. Scotland already has multiple offshore wind turbine installations around its coast, which approved to be more popular with the public than onshore installations, unless you happen to be a former POTUS, which was less than happy to have an installation off the coast of his golf course. Okay, Ross. Ross says Norway by contrast, though, seemed to have a more conservative approach, at least within its own borders when it comes to offshore wind. He only recently announced an auction for an offshore wind farm to be happening later this year. What explanation for this may be that Norway already has a lot of renewable energy by the way of their other natural resources that they've been blessed with mountains and rain. Hydroelectric plants produce around 95% of the power generated here. Personally, I'm looking forward to both Scotland and Norway being on the forefront of renewables as an alternative to the oil industry, which both countries currently depend on and will need to migrate away from within the course of this century. Thank you, Ross, for that clarification. Appreciate you being kind in correcting that and giving us the extra boots on the ground details about that. Indeed. Yeah, really, in the end, I agree with you, Ross. The important thing is getting more of that energy generated, whether it's off the coast of Norway, Scotland, or somewhere else. Indeed. Anybody who's got more thoughts on this or anything we talk about on the show, please do email us. We really like to hear your feedback. Feedback at DailyTechNewShow.com is where to send your thoughts. Also, thanks to you, Shannon Morse, for being with us today. What is going on and where can people keep up with it? YouTube.com slash Shannon Morse, spelled just like my name is the best place to go to keep up with all the tech fun stuff that I am currently up to. I just did a couple of really fun videos. I secured my networking setup. I showed people how to do that with network segmentation. It was very fun. And I also just installed some DIY smart shades, which was super cool. And now I have like smart blinds in my studio. It's jealous. It's really fun. It's awesome. It's great if you're short, because you can't like reach the top of your window to pull down the shade. So I absolutely love it. Yeah, I wouldn't know anything about that, Shannon. Oh, I think we're, we're in this. Yeah, we both feel the same. Smart plans, you know, it's in my future somewhere. We also have a few new bosses to thank, which is always a really, really fun way to come back from a little bit of a long holiday weekend here in the US. So let's thank PCCAPSO, PunkFedge, Brian and Peter, because they all just started backing us on Patreon. So thank you PCCAPSO. Thank you PunkFedge. Thank you, Brian. And thank you, Peter. Indeed. Indeed. Just a reminder, there's a longer version of the show called Good Day Internet. We roll into it right after DTNS wraps up. Available at patreon.com slash DTNS if you want any more information about that. But a reminder, we do the show live. Live Monday through Friday, 4pm Eastern, that's 2100 UTC. You can always find out more at dailytechnewshow.com slash live. We'd love to have you join us live if you can. We'll be back tomorrow with Scott Johnson and Dr. Nicky Ackermans to talk about what is going to happen now that CERN restarted the large Hadron Collider after a three-year hiatus. Talk to you then.